Distributed Systems
Introduction to Cryptography
Paul Krzyzanowski [email protected]
Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License. Page 1 Ngywioggazhon Pystemp Auesfnsicutiwf & Moiiunocaiwn Piqtoaoyp
Page 2 Cryptographic Systems Authentication & Communication Protocols
Page 3 cryptography
κρυπός γραφία
hidden writing
A secret manner of writing, … Generally, the art of writing or solving ciphers. — Oxford English Dictionary
Page 4 cryptology
κρυπός λογια
hidden speaking
1967 D. Kahn, Codebreakers p. xvi, Cryptology is the science that embraces cryptography and cryptanalysis, but the term ‘cryptology’ sometimes loosely designates the entire dual field of both rendering signals secure and extracting information from them. — Oxford English Dictionary
Page 5 Cryptography Security
Cryptography may be a component of a secure system
Adding cryptography may not make a system secure
Page 6 Terms
Plaintext (cleartext), message M
encryption, E(M)
produces ciphertext, C=E(M)
decryption: M=D(C)
Cryptographic algorithm, cipher
Page 7 Terms: types of ciphers
• restricted cipher
• symmetric algorithm
• public key algorithm
Page 8 Restricted cipher
Secret algorithm
• Leaking • Reverse engineering – HD DVD (Dec 2006) and Blu-Ray (Jan 2007) – RC4 – All digital cellular encryption algorithms – DVD and DIVX video compression – Firewire – Enigma cipher machine – Every NATO and Warsaw Pact algorithm during Cold War
Page 9 The key
BTW, the above is a bump key. See http://en.wikipedia.org/wiki/Lock_bumping.Page 10 The key
Source: en.wikipedia.org/wiki/Pin_tumbler_lock
Page 11 The key
Source: en.wikipedia.org/wiki/Pin_tumbler_lock
Page 12 The key
• We understand how it works: – Strengths – Weaknesses
• Based on this understanding, we can assess how much to trust the key & lock.
Source: en.wikipedia.org/wiki/Pin_tumbler_lock
Page 13 Symmetric algorithm
Secret key
C = EK(M )
M = DK(C )
Page 14 Public key algorithm
Public and private keys
C1 = Epublic(M )
M = Dprivate(C1 )
also:
C2 = Eprivate(M )
M = Dpublic(C2 )
Page 15 McCarthy’s puzzle (1958)
The setting: • Two countries are at war • One country sends spies to the other country • To return safely, spies must give the border guards a password
• Spies can be trusted • Guards chat – information given to them may leak
Page 16 McCarthy’s puzzle
Challenge
How can a guard authenticate a person without knowing the password?
Enemies cannot use the guard’s knowledge to introduce their own spies
Page 17 Solution to McCarthy’s puzzle
Michael Rabin, 1958
Use one-way function, B = f (A) – Guards get B … • Enemy cannot compute A – Spies give A, guards compute f(A) • If the result is B, the password is correct.
Example function: Middle squares • Take a 100-digit number (A), and square it • Let B = middle 100 digits of 200-digit result
Page 18 One-way functions
• Easy to compute in one direction • Difficult to compute in the other
Examples: Factoring: pq = N EASY find p,q given N DIFFICULT Discrete Log: ab mod c = N EASY find b given a, c, N DIFFICULT
Page 19 McCarthy’s puzzle example
Example with an 18 digit number A = 289407349786637777 A2 = 83756614110525308948445338203501729110525308948445338 Middle square, B = 110525308948445338
Given A, it is easy to compute B Given B, it is extremely hard to compute A
Page 20 More terms
• one-way function – Rabin, 1958: McCarthy’s problem – middle squares, exponentiation, … • [one-way] hash function – message digest, fingerprint, cryptographic checksum, integrity check • encrypted hash – message authentication code – only possessor of key can validate message
Page 21 More terms
• Stream cipher – Encrypt a message a character at a time
• Block cipher – Encrypt a message a chunk at a time
Page 22 Yet another term
• Digital Signature – Authenticate, not encrypt message – Use pair of keys (private, public) – Owner encrypts message with private key – Sender validates by decrypting with public key – Generally use hash(message).
Page 23 Cryptography: what is it good for?
• Authentication – determine origin of message
• Integrity – verify that message has not been modified
• Nonrepudiation – sender should not be able to falsely deny that a message was sent
• Confidentiality – others cannot read contents of the message
Page 24 Cryptographic toolbox
• Symmetric encryption
• Public key encryption
• One-way hash functions
• Random number generators
Page 25 Classic Cryptosystems
Page 26 Substitution Ciphers
Page 27 Cæsar cipher
Earliest documented military use of cryptography – Julius Caesar c. 60 BC – shift cipher: simple variant of a substitution cipher – each letter replaced by one n positions away modulo alphabet size n = shift value = key
Similar scheme used in India – early Indians also used substitutions based on phonetics similar to pig latin
Last seen as ROT13 on Usenet to keep the reader from seeing offensive messages unwillingly
Page 28 Cæsar cipher
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z A B C D E F G H I J K L M N O P Q R S T U V WX Y Z
Page 29 Cæsar cipher
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T shift alphabet by n (6)
Page 30 Cæsar cipher
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T
Page 31 Cæsar cipher
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T
G
Page 32 Cæsar cipher
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T
GS
Page 33 Cæsar cipher
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T
GSW
Page 34 Cæsar cipher
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T
GSWU
Page 35 Cæsar cipher
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T
GSWUN
Page 36 Cæsar cipher
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T
GSWUNB
Page 37 Cæsar cipher
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T
GSWUNBU
Page 38 Cæsar cipher
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T
GSWUNBUM
Page 39 Cæsar cipher
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T
GSWUNBUMZ
Page 40 Cæsar cipher
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T
GSWUNBUMZF
Page 41 Cæsar cipher
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T
GSWUNBUMZFY
Page 42 Cæsar cipher
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T
GSWUNBUMZFYU
Page 43 Cæsar cipher
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T
GSWUNBMUFZYUM
Page 44 Cæsar cipher
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z U V WX Y Z A B C D E F G H I J K L M N O P Q R S T
GSWUNBMUFZYUM • Convey one piece of information for decryption: shift value
• trivially easy to crack (26 possibilities for a 26 character alphabet)
Page 45 Ancient Hebrew variant (ATBASH)
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z Z Y XW V U T S R Q P O N M L K J I H G F E D C B A
NBXZGSZHUOVZH • c. 600 BC • No information (key) needs to be conveyed!
Page 46 Substitution cipher
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z M P S R L Q E A J T N C I F Z WO Y B X G K U D V H
IVSMXAMBQCLMB • General case: arbitrary mapping • both sides must have substitution alphabet
Page 47 Substitution cipher
Easy to decode: – vulnerable to frequency analysis
Moby Dick Shakespeare (1.2M chars) (55.8M chars)
e 12.300% e 11.797% o 7.282% o 8.299% d 4.015% d 3.943% b 1.773% b 1.634% x 0.108% x 0.140%
Page 48 Statistical Analysis
Letter frequencies E: 12% A, H, I, N, O, R, S, T: 6 – 9% D, L: 4% B, C, F, G, M, P, U, W, Y: 1.5 – 2.8% J, K, Q, V, X, Z: < 1% Common digrams: TH, HE, IN, ER, AN, RE, … Common trigrams THE, ING, AND, HER, ERE, …
Page 49 Polyalphabetic ciphers
Designed to thwart frequency analysis techniques – different ciphertext symbols can represent the same plaintext symbol • 1 many relationship between letter and substitute Leon Battista Alberti: 1466: invented key – two disks J – line up predetermined letter on A inner disk with outer disk – plaintext on inner ciphertext on outer – after n symbols, the disk is rotated to a new alignment encrypt: AJ decrypt: J A
Page 50 Page 51 Vigenère polyalphabetic cipher
• Blaise de Vigenère, court of Henry III of France, 1518 • Use table and key word to encipher a message • repeat keyword over text: (e.g. key=FACE) FA CEF ACE FACEF .... MY CAT HAS FLEAS • encrypt: find intersection: row = keyword letter column = plaintext letter • decrypt: column = keyword letter, search for intersection = ciphertext letter • message is encrypted with as many substitution ciphers as there are letters in the keyword
Page 52 Vigenère polyalphabetic cipher
plaintext letter
A B C D E F G H I J K L M N O P Q R S T A B C D E F G H I J K L M N O P Q R S T B C D E F G H I J K L M N O P Q R S T U C D E F G H I J K L M N O P Q R S T U V D E F G H I J K L M N O P Q R S T U V W keytext E F G H I J K L M N O P Q R S T U V WX letter F G H I J K L M N O P Q R S T U V WX Y
ciphertext letter
Page 53 Vigenère polyalphabetic cipher
FA CEF ACE FACEF MY CAT HAS FLEAS R
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z B C D E F G H I J K L M N O P Q R S T U V WX Y Z A C D E F G H I J K L M N O P Q R S T U V WX Y Z A B D E F G H I J K L M N O P Q R S T U V WX Y Z A B C E F G H I J K L M N O P Q R S T U V WX Y Z A B C D F G H I J K L M N O P Q R S T U V WX Y Z A B C D E G H I J K L M N O P Q R S T U V WX Y Z A B C D E F H I J K L M N O P Q R S T U V WX Y Z A B C D E F G
Page 54 Vigenère polyalphabetic cipher
FA CEF ACE FACEF MY CAT HAS FLEAS RY
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z B C D E F G H I J K L M N O P Q R S T U V WX Y Z A C D E F G H I J K L M N O P Q R S T U V WX Y Z A B D E F G H I J K L M N O P Q R S T U V WX Y Z A B C E F G H I J K L M N O P Q R S T U V WX Y Z A B C D F G H I J K L M N O P Q R S T U V WX Y Z A B C D E G H I J K L M N O P Q R S T U V WX Y Z A B C D E F H I J K L M N O P Q R S T U V WX Y Z A B C D E F G
Page 55 Vigenère polyalphabetic cipher
FA CEF ACE FACEF MY CAT HAS FLEAS RY E
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z B C D E F G H I J K L M N O P Q R S T U V WX Y Z A C D E F G H I J K L M N O P Q R S T U V WX Y Z A B D E F G H I J K L M N O P Q R S T U V WX Y Z A B C E F G H I J K L M N O P Q R S T U V WX Y Z A B C D F G H I J K L M N O P Q R S T U V WX Y Z A B C D E G H I J K L M N O P Q R S T U V WX Y Z A B C D E F H I J K L M N O P Q R S T U V WX Y Z A B C D E F G
Page 56 Vigenère polyalphabetic cipher
FA CEF ACE FACEF MY CAT HAS FLEAS RY EE
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z B C D E F G H I J K L M N O P Q R S T U V WX Y Z A C D E F G H I J K L M N O P Q R S T U V WX Y Z A B D E F G H I J K L M N O P Q R S T U V WX Y Z A B C E F G H I J K L M N O P Q R S T U V WX Y Z A B C D F G H I J K L M N O P Q R S T U V WX Y Z A B C D E G H I J K L M N O P Q R S T U V WX Y Z A B C D E F H I J K L M N O P Q R S T U V WX Y Z A B C D E F G
Page 57 Vigenère polyalphabetic cipher
FA CEF ACE FACEF MY CAT HAS FLEAS RY EEY
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z B C D E F G H I J K L M N O P Q R S T U V WX Y Z A C D E F G H I J K L M N O P Q R S T U V WX Y Z A B D E F G H I J K L M N O P Q R S T U V WX Y Z A B C E F G H I J K L M N O P Q R S T U V WX Y Z A B C D F G H I J K L M N O P Q R S T U V WX Y Z A B C D E G H I J K L M N O P Q R S T U V WX Y Z A B C D E F H I J K L M N O P Q R S T U V WX Y Z A B C D E F G
Page 58 Vigenère polyalphabetic cipher
FA CEF ACE FACEF MY CAT HAS FLEAS RY EEY H
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z B C D E F G H I J K L M N O P Q R S T U V WX Y Z A C D E F G H I J K L M N O P Q R S T U V WX Y Z A B D E F G H I J K L M N O P Q R S T U V WX Y Z A B C E F G H I J K L M N O P Q R S T U V WX Y Z A B C D F G H I J K L M N O P Q R S T U V WX Y Z A B C D E G H I J K L M N O P Q R S T U V WX Y Z A B C D E F H I J K L M N O P Q R S T U V WX Y Z A B C D E F G
Page 59 Vigenère polyalphabetic cipher
FA CEF ACE FACEF MY CAT HAS FLEAS RY EEY HC
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z B C D E F G H I J K L M N O P Q R S T U V WX Y Z A C D E F G H I J K L M N O P Q R S T U V WX Y Z A B D E F G H I J K L M N O P Q R S T U V WX Y Z A B C E F G H I J K L M N O P Q R S T U V WX Y Z A B C D F G H I J K L M N O P Q R S T U V WX Y Z A B C D E G H I J K L M N O P Q R S T U V WX Y Z A B C D E F H I J K L M N O P Q R S T U V WX Y Z A B C D E F G
Page 60 Vigenère polyalphabetic cipher
FA CEF ACE FACEF MY CAT HAS FLEAS RY EEY HCW
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z B C D E F G H I J K L M N O P Q R S T U V WX Y Z A C D E F G H I J K L M N O P Q R S T U V WX Y Z A B D E F G H I J K L M N O P Q R S T U V WX Y Z A B C E F G H I J K L M N O P Q R S T U V WX Y Z A B C D F G H I J K L M N O P Q R S T U V WX Y Z A B C D E G H I J K L M N O P Q R S T U V WX Y Z A B C D E F H I J K L M N O P Q R S T U V WX Y Z A B C D E F G
Page 61 Vigenère polyalphabetic cipher
FA CEF ACE FACEF MY CAT HAS FLEAS RY EEY HCW K
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z B C D E F G H I J K L M N O P Q R S T U V WX Y Z A C D E F G H I J K L M N O P Q R S T U V WX Y Z A B D E F G H I J K L M N O P Q R S T U V WX Y Z A B C E F G H I J K L M N O P Q R S T U V WX Y Z A B C D F G H I J K L M N O P Q R S T U V WX Y Z A B C D E G H I J K L M N O P Q R S T U V WX Y Z A B C D E F H I J K L M N O P Q R S T U V WX Y Z A B C D E F G
Page 62 Vigenère polyalphabetic cipher
FA CEF ACE FACEF MY CAT HAS FLEAS RY EEY HCW KL
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z B C D E F G H I J K L M N O P Q R S T U V WX Y Z A C D E F G H I J K L M N O P Q R S T U V WX Y Z A B D E F G H I J K L M N O P Q R S T U V WX Y Z A B C E F G H I J K L M N O P Q R S T U V WX Y Z A B C D F G H I J K L M N O P Q R S T U V WX Y Z A B C D E G H I J K L M N O P Q R S T U V WX Y Z A B C D E F H I J K L M N O P Q R S T U V WX Y Z A B C D E F G
Page 63 Vigenère polyalphabetic cipher
FA CEF ACE FACEF MY CAT HAS FLEAS RY EEY HCW KLG
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z B C D E F G H I J K L M N O P Q R S T U V WX Y Z A C D E F G H I J K L M N O P Q R S T U V WX Y Z A B D E F G H I J K L M N O P Q R S T U V WX Y Z A B C E F G H I J K L M N O P Q R S T U V WX Y Z A B C D F G H I J K L M N O P Q R S T U V WX Y Z A B C D E G H I J K L M N O P Q R S T U V WX Y Z A B C D E F H I J K L M N O P Q R S T U V WX Y Z A B C D E F G
Page 64 Vigenère polyalphabetic cipher
FA CEF ACE FACEF MY CAT HAS FLEAS RY EEY HCW KLGE
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z B C D E F G H I J K L M N O P Q R S T U V WX Y Z A C D E F G H I J K L M N O P Q R S T U V WX Y Z A B D E F G H I J K L M N O P Q R S T U V WX Y Z A B C E F G H I J K L M N O P Q R S T U V WX Y Z A B C D F G H I J K L M N O P Q R S T U V WX Y Z A B C D E G H I J K L M N O P Q R S T U V WX Y Z A B C D E F H I J K L M N O P Q R S T U V WX Y Z A B C D E F G
Page 65 Vigenère polyalphabetic cipher
FA CEF ACE FACEF MY CAT HAS FLEAS RY EEY HCW KLGEX
A B C D E F G H I J K L M N O P Q R S T U V WX Y Z B C D E F G H I J K L M N O P Q R S T U V WX Y Z A C D E F G H I J K L M N O P Q R S T U V WX Y Z A B D E F G H I J K L M N O P Q R S T U V WX Y Z A B C E F G H I J K L M N O P Q R S T U V WX Y Z A B C D F G H I J K L M N O P Q R S T U V WX Y Z A B C D E G H I J K L M N O P Q R S T U V WX Y Z A B C D E F H I J K L M N O P Q R S T U V WX Y Z A B C D E F G
Page 66 Vigenère polyalphabetic cipher
"The rebels reposed their major trust, however, in the Vigenere, sometimes using it in the form of a brass cipher disc. In theory, it was an excellent choice, for so far as the South knew the cipher was unbreakable. In practice, it proved a dismal failure. For one thing, transmission errors that added or subtracted a letter ... unmeshed the key from the cipher and caused no end of difficulty. Once Major Cunningham of General Kirby-Smith's staff tried for twelve hours to decipher a garbled message; he finally gave up in disgust and galloped around the Union flank to the sender to find out what it said."
http://rz1.razorpoint.com/index.html
Page 67 Transposition Ciphers
Page 68 Transposition ciphers
• Permute letters in plaintext according to rules
• Knowledge of rules will allow message to be decrypted
• Earliest version used by the Spartans in the 5th century BC – staff cipher
Page 69 Transposition ciphers: staff cipher
MYCATHASFLEAS
MHE
M H E
Page 70 Transposition ciphers: staff cipher
MYCATHASFLEAS
MHE YAA
Y A A
Page 71 Transposition ciphers: staff cipher
MYCATHASFLEAS
MHE YAA CSS
C S S
Page 72 Transposition ciphers: staff cipher
MYCATHASFLEAS
MHE YAA CSS AFx
A F Pad out the text. This is a x block cipher versus a stream cipher
Page 73 Transposition ciphers: staff cipher
MYCATHASFLEAS
MHE YAA CSS Afx TLy
T L y
Page 74 Transposition cipher
Table version of staff cipher – enter data horizontally, read it vertically – secrecy is the width of the table
M Y C A T H A S MYCATHASFLEAS F L E A S x y z
Page 75 Transposition cipher
Table version of staff cipher – enter data horizontally, read it vertically – secrecy is the width of the table
M Y C A T H A S MYCATHASFLEAS MTFS F L E A S x y z
Page 76 Transposition cipher
Table version of staff cipher – enter data horizontally, read it vertically – secrecy is the width of the table
M Y C A T H A S MYCATHASFLEAS MTFSYHLx F L E A S x y z
Page 77 Transposition cipher
Table version of staff cipher – enter data horizontally, read it vertically – secrecy is the width of the table
M Y C A T H A S MYCATHASFLEAS MTFSYHLxCAEy F L E A S x y z
Page 78 Transposition cipher
Table version of staff cipher – enter data horizontally, read it vertically – secrecy is the width of the table
M Y C A T H A S MYCATHASFLEAS MTFSYHLxCAEyASAz F L E A S x y z
Page 79 Transposition cipher with key
– permute letters in plaintext according to key – read down columns, sorting by key
Key: 3 1 4 2 M Y C A MYCATHASFLEAS T H A S F L E A S x y z
Page 80 Transposition cipher with key
– permute letters in plaintext according to key – read down columns, sorting by key
Key: 3 1 4 2 M Y C A MYCATHASFLEAS T H A S YHLx F L E A S x y z
YHLx
Page 81 Transposition cipher with key
– permute letters in plaintext according to key – read down columns, sorting by key
Key: 3 1 4 2 M Y C A MYCATHASFLEAS T H A S YHLxASAz F L E A S x y z ASAz
Page 82 Transposition cipher with key
– permute letters in plaintext according to key – read down columns, sorting by key
Key: 3 1 4 2 M Y C A MYCATHASFLEAS T H A S YHLxASAzMTFS F L E A S x y z
MTFS
Page 83 Transposition cipher with key
– permute letters in plaintext according to key – read down columns, sorting by key
Key: 3 1 4 2 M Y C A MYCATHASFLEAS T H A S YHLxASAzMTFSCAEy F L E A S x y z CAEy
Page 84 Transposition cipher with key
– permute letters in plaintext according to key – read down columns, sorting by key
Key: 3 1 4 2 M Y C A MYCATHASFLEAS T H A S YHLxASAzMTFSCAEY F L E A S x y z
Page 85 Combined ciphers
• Combine transposition with substitution ciphers – German ADFGVX cipher (WWI)
• can be troublesome to implement – may require a lot of memory – may require that messages be certain lengths
• Difficult with manual cryptography
Page 86 Electro-mechanical cryptographic engines
Page 87 Rotor machines
1920s: mechanical devices used for automating encryption
Rotor machine:
– set of independently rotating cylinders through which electrical pulses flow
– each cylinder has input & output pin for each letter of the alphabet
– implements a version of the Vigenère cipher
– each rotor implements a substitution cipher
– output of each rotor is fed into the next rotor
Page 88 Rotor machines
• Simplest rotor machine: single cylinder
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
• after a character is entered, the cylinder rotates one position – internal combinations shifted by one – polyalphabetic substitution cipher with a period of 26
Page 89 Single cylinder rotor machine
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z G V I L C M B Q F K D O S P Z H R E U Z N X A T W J
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
rotate
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z K H W J M D N C R G L E P T Q Z I S F V A O Y B U X
Page 90 Single cylinder rotor machine
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
S
Page 91 Single cylinder rotor machine
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
SU
Page 92 Single cylinder rotor machine
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
SUI
Page 93 Single cylinder rotor machine
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
SUIU
Page 94 Single cylinder rotor machine
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
SUIUV
Page 95 Single cylinder rotor machine
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
SUIUVA
Page 96 Single cylinder rotor machine
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
SUIUVAY
Page 97 Single cylinder rotor machine
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
SUIUVAYO
Page 98 Single cylinder rotor machine
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
SUIUVAYOI
Page 99 Single cylinder rotor machine
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
SUIUVAYOIN
Page 100 Single cylinder rotor machine
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
SUIUVAYOINK
Page 101 Single cylinder rotor machine
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
SUIUVAYOINKB
Page 102 Single cylinder rotor machine
MY CAT HAS FLEAS
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
SUIUVAYOINKBY
Page 103 Multi-cylinder rotor machines
Single cylinder rotor machine – substitution cipher with a period = length of alphabet (e.g., 26) Multi-cylinder rotor machine – feed output of one cylinder as input to the next one – first rotor advances after character is entered – second rotor advances after a full period of the first – polyalphabetic substitution cipher • period = (length of alphabet)number of rotors • 3 26-char cylinders 263 = 17,576 substitution alphabets • 5 26-char cylinders 265 = 11,881,367 substitution alphabets
Page 104 Enigma
• Enigma machine used in Germany during WWII • Three rotor system – 263 = 17,576 possible rotor positions • Input data permuted via patch panel before sending to rotor engine • Data from last rotor reflected back through rotors makes encryption symmetric • Need to know initial settings of rotor – setting was f(date) – find in book of codes • broken by group at Bletchley Park (Alan Turing)
Page 105 Enigma
Reflector Rotors
Plugboard
Glowlamps (results)
Keyboard (input)
Page 106 One-time pads
Only provably secure encryption scheme • invented in 1917
• large non-repeating set of random key letters written on a pad • each key letter on the pad encrypts exactly one plaintext character – encryption is addition of characters modulo 26 • sender destroys pages that have been used • receiver maintains identical pad
Page 107 One-time pads
If pad contains M + K mod 26 = W KWXOPWMAELGHW… Y + W mod 26 = U and we want to encrypt C + X mod 26 = Z MY CAT HAS FLEAS A + O mod 26 = O T + P mod 26 = I H + W mod 26 = D Ciphertext: A + M mod 26 = M WUZOIDMSJWKHO S + A mod 26 = S F + E mod 26 = J L + L mod 26 = W E + G mod 26 = K A + H mod 26 = H S + W mod 26 = O
Page 108 One-time pads
The same ciphertext can W - D mod 26 = W decrypt to anything U - N mod 26 = U depending on the key! Z - V mod 26 = Z O - L mod 26 = O Same ciphertext: I - U mod 26 = I D - X mod 26 = D WUZOIDMSJWKHO M - E mod 26 = M With a pad of: S - A mod 26 = S KWXOPWMAELGHW… J - C mod 26 = J Produces: W - W mod 26 = W THE DOG IS HAPPY K - V mod 26 = K H - S mod 26 = H O - Q mod 26 = O
Page 109 One-time pads
Can be extended to binary data – random key sequence as long as the message – exclusive-or key sequence with message – receiver has the same key sequence
Page 110 One-Time Pad
void onetimepad(void) { FILE *if = fopen(“intext”, “r”); FILE *kf = fopen(“keytext”, “r”); FILE *of = fopen(“outtext”, “w”); int c, k;
while ((c = getc(if)) != EOF) { k = getc(kf); putc((c^k), of); } fclose(if); fclose(kf); fclose(of); }
Page 111 One-time pads
Problems with one-time pads: – key needs to be as long as the message! – key storage can be problematic • may need to store a lot of data – keys have to be generated randomly • cannot use pseudo-random number generator – cannot reuse key sequence – sender and receiver must remain synchronized (e.g. cannot lose a message)
Page 112 Digression: random numbers
• “anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin” – John vonNeumann
• Pseudo-random generators – Linear feedback shift registers – Multiplicative lagged Fibonacci generators – Linear congruential generator
• Obtain randomness from: – Time between keystrokes – Various network/kernel events – Cosmic rays – Electrical noise – Other encrypted messages
Page 113 Computer Cryptography
Page 114 DES
• Data Encryption Standard – adopted as a federal standard in 1976 • block cipher, 64 bit blocks • 56 bit key – all security rests with the key • substitution followed by a permutation (transposition) – same combination of techniques is applied on the plaintext block 16 times
Page 115 DES
64 bit plaintext block 48-bit subkey permuted from key initial permutation, IP
left half, L1 right half, R0 f K1 16 rounds
L1= R0 R1 = L0 f(R0, K1)
L15= R14 R15 = L14 f(R14, K15) f K16
R16 = L15 f(R15, K16) L16 = R15
final permutation, IP-1
64 bit ciphertext block Page 116 DES: f
DATA: right 32 bits KEY: 56 bits
48 bits 48 bits
S S S S S S S S
New DATA: DATA: left 32 bits right 32 bits
Page 117 DES: S-boxes
• After compressed key is XORed with expanded block – 48-bit result moves to substitution operation via eight substitution boxes (s-boxes) • Each S-box has – 6-bit input – 4-bit output • 48 bits divided into eight 6-bit sub-blocks • Each block is operated by a separate S-box • key components of DES’s security • net result: 48 bit input generates 32 bit output
Page 118 Is DES secure?
56-bit key makes DES relatively weak – 7.2×1016 keys – Brute-force attack
Late 1990’s: – DES cracker machines built to crack DES keys in a few hours – DES Deep Crack: 90 billion keys/second – Distributed.net: test 250 billion keys/second
Page 119 The power of 2
Adding an extra bit to a key doubles the search space.
Suppose it takes 1 second to attack a 20-bit key:
•21-bit key: 2 seconds •32-bit key: 1 hour •40-bit key: 12 days •56-bit key: 2,178 years •64-bit key: >557,000 years!
Page 120 Increasing The Key
Can double encryption work for DES?
– Useless if we could find a key K such that:
EK(P) = EK2(EK1(P))
– This does not hold for DES
Page 121 Double DES
Vulnerable to meet-in-the-middle attack
If we know some pair (P, C), then: 56 [1] Encrypt P for all 2 values of K1 56 [2] Decrypt C for all 2 values of K2
For each match where [1] = [2] – test the two keys against another P, C pair – if match, you are assured that you have the key
Page 122 Triple DES
Triple DES with two 56-bit keys:
C = EK1(DK2(EK1(P))) Triple DES with three 56-bit keys:
C = EK3(DK2(EK1(P)))
Decryption used in middle step for compatibility
with DES (K1=K2=K3)
C = EK(DK(EK(P))) C = EK1(P)
Page 123 Triple DES
Prevent meet-in-the-middle attack with – three stages – and two keys
Triple DES:
C = EK1(DK2(EK1(P)))
Decryption used in middle step for compatibility with DES
C = EK(DK(EK(P))) C = EK1(P)
Page 124 Popular symmetric algorithms
IDEA - International Data Encryption Algorithm – 1992 – 128-bit keys, operates on 8-byte blocks (like DES) – algorithm is more secure than DES RC4, by Ron Rivest – 1995 – key size up to 2048 bits – not secure against multiple messages encrypted with the same key AES - Advanced Encryption Standard – NIST proposed successor to DES, chosen in October 2000 – based on Rigndael cipher – 128, 192, and 256 bit keys
Page 125 AES
From NIST: Assuming that one could build a machine that could recover a DES key in a second (i.e., try 256 keys per second), then it would take that machine approximately 149 trillion years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old.
http://csrc.nist.gov/encryption/aes/
Page 126 The end.
Page 127